Two weeks ago, we went to Jordan for our holiday. Something we had planned to do a couple of years ago, but was postponed a couple of times due to the events (Arab Spring) in the Middle-East. Something that turned out to be completely unnecessary.
Jordan is a stable (semi) democratic Middle-Eastern kingdom surrounded by some of the most dangerous countries in the region. Especially with the rise of the Islamic State (IS) in Syria and Iraq which share a border with Jordan on the north/east, things COULD turn ugly relatively fast... But then again, were are you 100% safe?
You can also be shot from the skies over the Ukraine while going on holiday (MH17), or your train can be blown up in a train station in Madrid, or spotting planes on the World Trade Centre (Twin Towers) can result in death and mayhem. While staying at home is also not without risks. How many people die in the bathroom by slipping over a couple of drops of water?
So more than enough reasons not to stay at home and taste the culture of Jordan during an 8 day trip.
A while back I investigated the possibility of using the Lee filter system on my Fujifilm X-T1. As you can see, I invested in two Lee ND filters;
- Lee Big Stopper (110ND / 10 stops Neutral Density Grey filter)
- Lee Little Stopper (106ND / 6 stops Neutral Density Grey filter)
The thing with ND filters is that they reduce the light evenly. This results in (depending on the greyness of the filter) longer exposure times. With enough 'stops' in front of your lens, you can stretch the exposure from 1/200s to 10 or 15 minutes. Shooting with exposure times of minutes instead of the usual fraction of seconds results in motion blur in the photos (assuming that you're not shooting a stationary object indoors). Expose long enough, and the movement becomes a silky haze.
My Apple OSX server (Mountain Lion) at home is the centre of my network and entertainment system. It provides provides the following services:
Since several (soft-, and hardware) upgrades and redesigns of my internal network (from a single VLAN to a multi-VLAN with firewall services and traffic inspection) several services failed under certain circumstances. E.g. Air-Video would work internally where the client was in the same network as the OSX server network interface. But trying to connect through the SSL VPN stopped working for some reason. Also, the VNC Viewer did work in the old days, but stopped working over time. Same for several static NAT entries; worked before, and stopped working without 'no reason'. Other services like ssh did work in the old and new network design....
The last week, I've been experimenting with the Juniper Mobility System Software (MSS) in conjunction with two Juniper/Trapeze Access Points (type WLA522E). The MSS software is a Wireless LAN Controller (WLC) with manages the Access Points, and like so many Juniper Product; it can run in a virtual machine.
For the AP's to boot / connect to the network they need some basic information about where to find the WLC from which they receive their wireless settings. This can be done through DNS, or through DHCP. The first uses specific DNS records, and the latter uses DHCP Options (option 43 to be precise). I wanted to use the latter (which is a bit more challenging).
This blog post hold the key ingredients for successfully authenticating on layer 2 (802.1x or dot1x) and layer 3 with:
General Information
The setup consists of four networks (VLAN's) and Internet access. Inter-VLAN communication is handled by a Juniper SRX210. The four VLAN's are:
- Untrust (VLAN 20)
The Internet - Trust (VLAN 10 - 192.168.1.0/24)
This VLAN hosts the UAC, Active Directory, DNS and DHCP services - Production (VLAN 100 - 192.168.100.0/24)
Network where the normal workstations are placed - Quarantine (VLAN 200 - 192.168.200.0/24)
This is where the naughty people/PC's are dropped
When a PC is placed in Quarantine, it looses all access to the Internet, but can still resolve domain names, access minimal internal services like the DHCP server and the UAC.
The components on the network are:
- Domain Controller + DNS Server - 192.168.1.10
- DHCP Server - 192.168.1.1
- UAC - 192.168.1.11
- Gateway(s) - .254